Honestly if you like docker then that's great but hear me out:
Docker on enterprise servers? ✅ Yep
Docker instead of VMs? ✅ Sure why not?
Docker because you want to? ✅ Of course!
Docker on a single board computer for one job? ❌ Nonononono please just tell me the steps involved so I can learn how the system works!
@renbymon mood
@renbymon I've got a couple of things running in Docker on SBCs that are the only thing doing anything on that machine. it's kinda overkill, but it allows me to more easily integrate it into my larger remote management system, and makes monitoring, alerting, and updates a looot easier.
@garrwolfdog Sorry I didn't mean to come across as "never use docker at all" but that I dislike that answers have in some cases become "use this docker image"
For example I want an SBC to monitor the temperature of my hot water tank. The first guide I found said that I should use multiple docker images to provide Prometheus and Grafana, and other guides were similar.
In the end Darac pointed me to Munin and that's exactly what I want. :)
@garrwolfdog Like in your case if you're already au fait with docker and it fits into your network then it makes sense, but for me who's still running servers with multiple services for an internal home network I'd prefer to have the details of how to configure it myself :)
It wouldn't be an issue if it was "here's how to do it from scratch but also there's a docker image if you want" but I keep seeing guides that are "you must use docker"
@renbymon I'm not totally sure I follow. Even if you're using docker you still need to configure things as much as you would if you were setting it up on bare-metal. the only real difference is that you don't need to compile the binaries yourself and it will have a kind of sandbox to run in. unless you're wanting to tinker with the source code itself, I guess?
Ooor this might just be confusion about how docker works? it can be a little unclear, tbh.
@garrwolfdog Sorry let me clarify; I know nothing about docker and the first time I tried to follow one of these guides I ran into a problem with no way of being able to troubleshoot the fault. I couldn't find an easy answer of how to look at the logs or files within the docker so I had no idea what was going on.
That one did have all the code/scripts/etc not in a docker image and the first time I ran all that I found the fault straight away just by looking at the system logs.
@garrwolfdog It turned out that the python code was pointing to a folder that didn't exist. Changing that code fixed the problem, but the docker image pulled the code directly from the GitHub so short of forking the project and making my own changes directly from there I wasn't able to find a way to change the files in the docker container
@garrwolfdog I guess my point is that while I'm futzing around with my own little projects I know how to troubleshoot if it doesn't work. I've no idea how to do that on a docker container and I haven't yet found anything that explains it in a way I can understand, if it even is possible to troubleshoot like one would for a bare metal machine.
@renbymon Ah! I see. yeah, the debug process is a little different; and honestly, kind of a pain if you're just using straight docker. if you use docker-compose or something like Portainer, then monitoring the logs is instantly a lot easier and more intuitive.
@renbymon @garrwolfdog Really, each container is just a little Linux server running in its own space on top of actual Linux. You can get into it and see the filesystem with 'docker exec -ti <container id|name> /bin/bash'.
Incoming network connections are mapped (on startup) from your host to the container.
Logs may be in /var/log in the container, or sometimes it's set to go to stderr, in which case use 'docker logs <container> -f' to see them.
You know all this, then you can debug. :)
@renbymon Yikes! yeeeeeah, that is NOT how you should be building your container images. The whole point of containerisation is to avoid problems like that! no one should be releasing images that pull no-versioned locked code from 3rd party sources; that's dodgy as hell!
@garrwolfdog That's how I've seen a lot of people using it for small projects, hence my aversion to it in small projects.
I've always seen it as one of those things that you have to know/be invested in learning before you use it in a production environment but some people are treating it like FlatPak/AppImage
@renbymon honestly, if you're running self-hosted home systems, then it's worth learning how to use docker. it can make spinning up and testing out services sooo much quicker and clearer.
@garrwolfdog I want to eventually when I can brain properly for it; I want to set up four TV channels running from a server and being output into an old hotel CATV distribution board, and having each channel in its own docker container would be helpful for monitoring them.
@renbymon If you ever need pointers to get you going, we're always happy to help!
@garrwolfdog Thank you :)
@renbymon ah! yeah, "use Prometheus and Grafana" is kinda the standard approach for most networked monitoring. and it will cover pretty much any situation you need, but configuring them for small scale stuff can be more of a pain than is really needed, tbh.
@renbymon ok, unrelated to you but I got to be a pedant for a moment XD
It's named after the raven so it's a nominative singular masculine proper noun, so it should be "Muninn" not "Munin". Why people don't consult a linguist before naming their software, I'll never know!
@garrwolfdog @renbymon I actually really like using docker for projects on smaller SBCs, because when they inevitably outgrow the SBCs and need to be moved into a more powerful environment, I can just plonk the compose file on the new system and I’m back up and running in minutes.
@pippin @renbymon part of the point of the containers is to avoid the very issue it sounds like you're worried they cause. There are potential Escape Routes (usually if run with too many permissions) but the idea is almost more "I don't trust this to _not_ get compromised so I'm isolating this with limited connections for networking/data out of it" with the added benefit of "I also don't have to worry about package collisions or it fucking with local packages".
Outside of official containers I tend not to trust ones where I can't see the Dockerfile, and can read to see how the container image was built and what it'll do inside itself. Useful sometimes for writing my own Dockerfile stuff like for the mastodon image I use.
But yeah the dual purpose is definitely "contain" first, hence the name, with the benefit of "isolate libraries" second meaning if your container ever goes sideways you can just tear it down, and not have to worry about "alright what files got fucked up by building or package management?" And kinda making the data a little more portable. Definitely makes migrating/moving stuff a lot less painful.
@KayOhtie @renbymon I don't drive recklessly just because I'm wearing a seatbelt, though. 🤷‍♂️
I'm just very dubious about the benefits, haven't had the time and motivation to spend to learn this whole new thing, and haven't had any problems doing it the way I've always done it.
(I'm probably in the "anything invented after you turn 30 is newfangled trash" phase, too.)
@renbymon I don't think the problem here lies with docker/containerisation, and they seem to be using docker in some weird ways, if they're running into problems with lack of system choice. and their point of "everything running as root" doesn't really make a lot of sense.
Maybe I'm just not understanding their POV.
I mean, there's nothing stopping you from just spinning up the docker image and taking it apart if you want. and as a sys admin I love the extra security having unknown code compartmentalised in a container gives.
In my experience, the prevalence of docker hasn't made dev less helpful, unfortunately.
@renbymon yeah i can sort of get it from an avoiding dependency hell perspective but yeah absolutely not running it on the pi zero
Link to the post https://www.reddit.com/r/selfhosted/comments/sgtclz/comment/huykeps/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button